2 matches found
CVE-2022-41931
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection'. Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...
CVE-2022-41931
CVE-2022-41931 affects xwiki-platform-icon-ui. It enables Eval Injection through the iconPicker macro, allowing an authenticated user with view rights on common documents to run arbitrary Groovy/Python/Velocity code due to improper neutralization of macro parameters. The vulnerability is fixed in...